
How to safely delete a record?

CONTEXT

I created an app which handles todos. I want to be able to delete todos based on an id I get from the url

import vweb
import sqlite

struct App {
    vweb.Context
}

[post]
["/todo/:id/delete"]
pub fn (mut app App) delete_todo_response(id string) vweb.Result {
    db := sqlite.open("dist/database.db") or {
        return app.redirect("/todo")
    }

    db.exec_none('DELETE FROM todo WHERE id = $id') // id is not escaped
    return app.redirect("/todo")
}

fn main() {
    vweb.run<App>(80)
}

PROBLEM

As you can see, the id is not escaped. I feel this is not the ideal and secure way to do this.

QUESTIONS

  • How can one escape values using exec(), exec_one() or exec_none()?
  • Is the ORM capable of deleting a record for me based on a struct, like this is possible with select and insert?

As far as I know, there is no standard way to escape sqlite queries. However, you can indeed use the ORM. If you declare your Todo struct, this should do:

sql db {
    delete from Todo where id == id
}
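A hardened version of the handler from the question, written as an added example (not code from the question or the answer). It assumes a recent V toolchain (0.4.x: `@[...]` attributes, the `db.sqlite` module, ORM statements that return a result) and a `Todo` struct whose shape is assumed here; the route and the `dist/database.db` path come from the question. The id is validated as an integer before it is used, and the ORM passes it as a bound parameter instead of splicing it into the SQL text.

```v
module main

import vweb
import db.sqlite

// Assumed table layout; only `id` matters for the delete.
struct Todo {
	id   int @[primary; sql: serial]
	text string
}

struct App {
	vweb.Context
}

@['/todo/:id/delete'; post]
pub fn (mut app App) delete_todo_response(id string) vweb.Result {
	// Accept only a positive integer; the round-trip check rejects
	// inputs such as "1 OR 1=1" that string.int() would silently truncate.
	todo_id := id.int()
	if todo_id <= 0 || todo_id.str() != id {
		return app.not_found()
	}
	db := sqlite.connect('dist/database.db') or { return app.redirect('/todo') }
	defer {
		db.close() or {}
	}
	// The ORM binds todo_id as a query parameter; the value never
	// becomes part of the SQL statement text.
	sql db {
		delete from Todo where id == todo_id
	} or { return app.server_error(500) }
	return app.redirect('/todo')
}

fn main() {
	vweb.run[App](80)
}
```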
